A Windows privilege change issue exists in Splashtop Software Updater prior to 1.5.6.16. Insecure permissions on the configuration file and named pipe allow for local privilege escalation to NT AUTHORITY/SYSTEM, by forcing a permission change to any Splashtop files and directories, with resultant DLL hijacking. This product is bundled with Splashtop Streamer (prior to 3.3.8.0) and Splashtop Business (prior to 3.3.8.0).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
splashtop software updater |
||
splashtop streamer |